Lucene search
K

25 matches found

CVE
CVE
added 2026/06/24 6:13 p.m.44 views

CVE-2026-53943

The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...

9.6CVSS5.9AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 6:32 a.m.17 views

CVE-2024-13146

The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack...

8.8CVSS6.9AI score0.00221EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/26 6:0 a.m.8 views

CVE-2024-13146 Booknetic < 4.1.5 - Staff Creation via CSRF

The Booknetic WordPress plugin before 4.1.5 does not have CSRF check when creating Staff accounts, which could allow attackers to make logged in admin add arbitrary Staff members via a CSRF attack...

7.1AI score0.00221EPSS
Exploits1References1
CVE
CVE
added 2025/03/26 6:0 a.m.77 views

CVE-2024-13146

The CVE-2024-13146 entry concerns the WordPress Booknetic plugin (pre-4.1.5) lacking CSRF protection when creating Staff accounts, enabling a logged-in attacker to add arbitrary Staff members via CSRF. Affected: Booknetic WordPress plugin versions prior to 4.1.5. Root cause: missing CSRF check on...

8.8CVSS7.1AI score0.00221EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/06/25 12:23 p.m.4 views

MAL-2024-3051 Malicious code in staff-account (npm)

False positive caused by problematic ingestion. --- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2024/03/07 9:15 p.m.6 views

CVE-2024-26492

An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters...

6.3CVSS5.9AI score0.00581EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.4 views

PT-2024-21406 · Unknown · Online Diagnostic Lab Management System

Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request. The attacker can exploit this by using the id, email, password, and cpas...

6.3CVSS6.6AI score0.00581EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/09/21 1:38 a.m.6 views

Malicious code in @zettle-bo/staff-account (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e6890c2d23d73e43eaf40b3d6435083b993f77894876b67b4a2ea41c9a223f3d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References2
NVD
NVD
added 2022/01/06 4:15 p.m.24 views

CVE-2021-46075

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...

7.2CVSS0.02616EPSS
Exploits2References2
Prion
Prion
added 2022/01/06 4:15 p.m.19 views

Privilege escalation

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations...

6.5CVSS6.9AI score0.02616EPSS
Exploits2References2Affected Software1
Hacker One
Hacker One
added 2020/09/14 5:56 a.m.34 views

Shopify: Undocumented `fileCopy` GraphQL API

Impact A malicious staff account with no permissions can copy other store file assets to current store, which they have no access to. Details So the story as follow A malicious staff member jackmccracken on storeA.myshopify.com wants to upload a file on the store but could not, due to permissions...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2020/06/30 1:23 p.m.23 views

Shopify: increased privileges on staff account

staff on partners without a store management permit can have access to the collaboration shop steps for reproduction 1. Invite staff to partners without store management permission 2. accept the invitation and the staff has become a member of the partner 3. On the staff account, try to access the...

3.7AI score
Exploits0
Hacker One
Hacker One
added 2020/06/06 8:38 p.m.26 views

Shopify: Ability to link a Google account to another staff account/store owner that isn't linked yet

The https://pos-channel.shopifycloud.com/graphql-proxy/admin endpoint allows us to update a staff email address that is having a Shopify ID. Taking that into consideration, if a store is setup to use Google Apps as login service and if a staff/store owner hasn't yet linked his account to a Google...

6.1AI score
Exploits0
Hacker One
Hacker One
added 2018/03/29 9:38 p.m.37 views

Shopify: Order notifications being sent for a deactivated staff account

Hi, Steps to reproduce : - - Have a staff account with settings permission - The staff account can go to notifications & add himself so as to get new order notifications - Now,deactivate the staff account via the admin. - Create a new order,you shall see that the staff still receives the order...

2AI score
Exploits0
Hacker One
Hacker One
added 2016/10/16 10:6 a.m.39 views

Shopify: race condition in adding team members

The researcher reported a race condition when adding new staff members that would allow bypassing the staff account limit for all plans. We fixed this issue by adding an exclusive lock around the account creation process. Note: Shopify no longer accepts reports regarding race conditions bypassing...

2.5AI score
Exploits0
Hacker One
Hacker One
added 2016/10/13 12:40 a.m.42 views

Shopify: Able to Login deactivated staff account in shopify app mobile

Hi Shopify, Deactivated staff account is able to login in shopify mobile app. STEPS 1. Login your owner account 2. Go to Staff Accounts and deactivate your staff account 3. Login to your staff account in your shopify mobile app As you can see you were able to login even the staff account was...

2.2AI score
Exploits0
Packet Storm
Packet Storm
added 2010/07/13 12:0 a.m.17 views

TheHostingTool 1.2.2 Cross Site Request Forgery

Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download: http://thehostingtool.googlecode.com/files/THT-v1.2.2.zip --- -= CSRF PoC 1 - Create Staff Account =- TheHostingTool 1.2.2 Multiple CSRF Vulnerabilities - Create Staff Account -= CSRF PoC 2 - Delete Staff Account ...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/12 12:0 a.m.31 views

TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download: http://thehostingtool.googlecode.com/files/THT-v1.2.2.zip --- -= CSRF PoC 1 - Create Staff Account =- TheHostingTool 1.2.2 Multiple CSRF Vulnerabilities - Create Staff Account -= CSRF PoC 2 - Delete Staff Account ...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/07/12 12:0 a.m.10 views

TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities

TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download: http://thehostingtool.googlecode.com/files/THT-v1.2.2.zip --- -= CSRF PoC 1 - Create Staff Account =- TheHostingTool 1.2.2 Multiple CSRF...

0.3AI score
Exploits0
0day.today
0day.today
added 2010/07/12 12:0 a.m.27 views

TheHostingTool v1.2.2 Multiple CSRF Vulnerabilities

Exploit for php platform in category web applications =================================================== TheHostingTool v1.2.2 Multiple CSRF Vulnerabilities =================================================== Date: Mon 12 Jul 2010 01:19:52 PM EEST Vendor: http://thehostingtool.com/ Download:...

7.1AI score
Exploits0
Rows per page
Query Builder